In the coming years it is expected that there will be a rapid growth in so-called machine-to-machine (M2M) applications that use cellular network infrastructure. Such applications involve devices such as sensors and actuators communicating with other devices or network servers, often without direct human supervision. An example application might involve a remote, battery-operated environmental sensor that receives measurement requests to which it responds. M2M applications are expected to increase dramatically the number of wirelessly connected devices in use with cellular networks. It has been predicted that a few tens of billions of such devices should be in service by the year 2020.
In systems supporting M2M applications, a feature that is generally needed is a mechanism to trigger (or wake up) a device, since such devices typically turn off their communication capabilities in order to save energy. Triggering typically means that an entity in the network triggers a device (which is possibly in a sleep mode) to perform some action and contact the entity (or another entity). The action may be, for example, metering a temperature and reporting it to the network entity.
M2M devices are frequently battery-operated devices with limited power resources, and may not have access to power supplies to charge their batteries. Despite this, they may be required to operate for very long times. This makes M2M devices very sensitive to power consumption and vulnerable to unauthorized or fake trigger requests from the network, which could drain the battery. Use of radio requires more energy (by several orders of magnitude) than almost any other operation performed.
Indeed, saving power is particularly desirable for any low-power or constrained device, and for wireless devices in particular. Various techniques for Discontinuous Reception (DRX) are known, in which the radio receiver is switched on for short periods of time in predetermined timeslots and can only receive messages in these timeslots. However, DRX is still vulnerable to malicious adversaries aiming to drain a device's battery. The adversary can inject spoofed messages during DRX “awake” cycles and/or can trigger the device to enable radio reception through detection of RF energy (if the device has a so-called “wake-up receiver”). The device will use its radio to receive these messages, and each message will be delivered to some application layer function for processing. The application layer may be able to discard the message as spoofed, but there is no guarantee of this. Even if the message is discarded, resources have already been wasted in receiving and pre-processing it at lower layers. In the worst-case scenario the message is not identified by the device as being invalid, and the device therefore “acts” on it, for example turning some actuator “on” or “off” (e.g. opening a locked door) with possibly devastating consequences.
By adding cryptography (message authentication) in the application layer, the situation is greatly improved. At least it is then possible to prevent the device performing application-level actions based on spoofed messages. However, the radio reception and the associated energy waste are still not avoided.
By putting authentication at lower layers (preferably as low as possible, for example the Medium Access Control (MAC) layer) the situation is improved further. However, current techniques still require the entire message to be received before the authenticity can be verified. Radio usage is the main consumer of energy in typical devices (usually 100-1000 times more expensive than processing) and the technique described above still carries out this energy-expensive radio usage.
It would therefore be desirable to enable a device to identify that messages are unauthorised early enough to turn its radio receiver off and thus save energy.